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This listing oj claims will replace ail pi tot versions, and listings of drums tn the 
application: 
Listing of Claims: 

I (cuncntK amended) In a node opetati\e within a netwoil of a pluialtts nf nodes a 
method foi fKrtoimmg a \ ptographie~i elated htnetmns eompiismg 

e\euitmg an application progiam in <i use; space at the node w-hi-eh is not irecHf-ed, 

receding an input tequunva. cr\ptographic-i elated piocessmg, 

genciatmg a message \ ia the application piogtam based on the input the message 
leptesentmg one of a ptedefined set of messages fot processing bs one of a pluta.hr*, of 
cn ptogiaphic pressing u>mponents located in a kernel space within the node, each one of 
sard messages being associated with a tespectne one of said ervptogfaphic-i elated functions, 

transmitting the message to one of a socket handler and a call handler m kernel space at 
the node to ohtam a tiansmttted message the -en ptogjapim: piot.ev*Hig component and 

fot warding the tiansmttted message to a request handle* ai the node which getieiates a 
function call to the cn. ptographic processing component apptopmue for die tiansmttted 
message; and 

periotming the cn ptographic-related pioeesssng l>\ the u\ ptographtc piocesstng 
component appropriate for the transmitted message. 

2. (previously presented) The method of claim 1, wherein the cryptographic-related 
processing includes at least one of: 
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\enf\ing or ueneiating a digital siunaune encrypting data, deers pfmg data, ietnexutu 

a dmita! certificate <n ^eHificate relocation hst, \ erit\ my; a certificate's hietatchs self-signed 

(.utdicate piocussing loHieuug \enf\mg and stonng a digital certificate m the node ot 

certificate age checking. 

3. (currently amended) The method of claim 1, wherein the gen e rating- a- m e ssage 
MO smj iting incl tides: 

genet atmg a uset datagiam protocol (TOP) message containing an tdenUfiei associated 
with function ca-H message via the application progiam the function tali mes^a-iire- representing a 
le^tH^t ■ lor ■ pe* fornn ng a piedeteimrned ei\ ptogs a phi e~i elated function and transmitting the 
UDP message via a UDP socket to the socket handier 

! (pseuoush piesented) The method of elaim I tut thei compnsi ng 

geneiatsng an output message \ia the application progiam the output message retiunmg 
a\ ptogiaphic-ielated processing, 

tiansnuttmg, based on the required cisprogiaphic-i elated processing one of the 
predefined set of messages to the eryptogtaphie ptocesyng component 

per lot mi ng the cr\ ptogjapluc-rehued pioeessmg and 

outputting the processed message. 

5 (currently amended) A computer-readable medium having stored thereon a plurality 
of sequences of instructions that may be i nvoked by a plurality of predefined messages, said 
itistnictions including sequences of instructions which, when executed by a processor in an 
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e^WHH,4ftsvej>t"Vv-h4t-h"is-w4-i}e<£yFti a user space, canst- said processor to perform a method 
comprising: 

it;cej\ mg an mpui teptesoMmg one of (he piodefmed messages 

uansmsttuiy., based on the input a function call iepiesentiny a iequest foj enptogTaproe- 
icidtcd pfocesstny to a a\ ptogf jphic processing module executed b\ the processor ami 

pet for mi rm the enptogiaplne-ieidted processing hi #h^t j nvir(>iiment-\vbieh-is-nc)t-seewe 
a.Mniei.space,. 

wherein at least the receiving, the transmitting and the performing are implemented by 
liubiic.kex^ 

UseL^ace.eoni^ 
daeinoih a eeniijeate databa.^ 
and 

!s.eniej...space eomjOT 
and a RKA.I request handler : 

\V.l?.?ldAl.certajn.of Uje.i^ 
cojrnjonej^ 
spM-e.com|\OMnAi:..Md 

wherein other certain of the user .space components communicate with other certain of 
the kernel space components, 

6 (previously presented) The computer-readable medium of claim 5, wherein the 
performing the eryptographie-related processing includes at least one of: 
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\enf\ing or uuieiatmg a digital siunatuie encrypting or decrypting data, ietne\utg a 

digital tctttlkjte 01 certificate rt\ cxatf.in list \ uth trig a certificate s hterar Ju , seU-sismtd 

(.uttikate piocessing letrreung \ enf\ mg and storing a digital u.rtifkare or LUtifkate age 

cheeking. 

7. (canceled) 

8. (original) The computer-readable medium of claim 5, wherein the input represents a 
digitally signed network control message requiring verification. 

9. (currently amended) j^ha»^vit^«^t"Wy6b4S-«ot"Se^if%-a A cryptograph! c 

module, comprising: 

a plurality ofenpfographie processing programs tn user space on a computer-readable medium 
each program being imoked ua one of a pluralm of predefined messages, and 
a processor configured to operate within the e-n-vii^nm-ent *nd to 

recet\e an input requiring er\ ptograpbic-r datul processing 
generate one of the ptedeisned messages based on the input 
transmit the message to the memorv to invoke a first one of the cr> ptographic 
processing programs;, and 

perform,. .m.kernej. space, the cryptographic-related process! ug, 

vvhexejn jhejnM^^ 

i nfirastructure compri sing : 
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user space components including a user application program, a control daemon, 

a airdficit^ 

k<?M<?Lspac^ 

handier; 

wherein certain of the user space components communicate with other of the 
usot. ..space. coniponents. and. .ce . kernel . space .components. a)n.tnumk % ate. with other, of 

.the kej'^ 

wherein other certain of the user space components communicate with other 
^ertajji.ofxheto 

10. (previously presented) The cryptographic module of claim 9, wherein when 
performing the cryptographic-related processing, the processor is configured to perform at least 
one of: 

verifying or generating a digital signature; encrypting data; decrypting data; retrieving a 
digital certificate or certificate revocation list; verifying a certificate's hierarchy; self-signed 
certificate processing; retrieving, verifying and storing a digital certificate; or certificate age 
checking. 

1 1 , (original) The cryptographic module of claim 9, wherein when transmitting the 
message, the processor is further configured to: 

transmit, a function call to the first cryptographic processing program. 
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12. {original) The cryptogiaphic module of claim wherein the pioccssoi is further 

configured to: 

transmit the result of the cryptographic-related processing to an application program. 

13, (canceled) 

14. (currently amended) A. method of performing cryptographic- related functions in a 
node coupled to other nodes in a network enviFonmeftt-whi-eiv-fs-aot-seetir-e, the node including 
an application program executed in user space for handling communications with the other 
nodes, the method comprising: 

recehingin said node vvithtn the^m-ifonnwHt-^vhiehi^Htrt-seeuf^an input requiring a 
c rv ptograp hi c - related operat i on . 

generating in said node wttiiiH- die-enviromoem a predefined message based on the 
input, the message representing one of a plurality of predefined messages usable by a 
cryptographic processing program executed by t-h-e-node one of .a .pjurajitv.of cryptographic 
processing 
re.sjectiye one^ 

transmitting in said node withifi -tl^eenvtronm-em the predefined message to a.socket 
handler in kernel space or a call handler in kernel space to obtain a transmitted message; the 

.fpj'.y^d^ 
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performing in said node w-it-lii-» -th«-enwom?ient, via the cryptographic processing 
program, the tfesiml required cryptographic-related operation 

15. (original) The method of claim 14, further comprising: 
returning the result of the performing to the application program. 

16. {previously presented) The method of claim 14, wherein the predefined message 
includes at least one of; 

a request for digital signature generation, a request for digital signature verification, a 
request for data encryption, a request for data decryption, a request for retrieval of a digital 
certificate, a request for retrieval of a certificate revocation l ist, a request for verification of a 
certificate's hierarchy, a request for self-signed certificate processing, or a request for certificate 
age checking. 

17. (previously presented) The method of claim 16, wherein the request for digital 
signature generation includes a request for at least one of RSA signature generation, secret 
keyed MD5 signature generation, elliptic curve signature generation or digital signature 
standard signature generation. 

1 8. (previously presented) The method of claim 16, wherein the request for digital 
signature verification includes a request for at least one of RSA signature verification, secret 
keyed MD5 signature verification, elliptic curve signature verification or digital signature 
standard signature verification. 
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19. (previously presented) The method of claim i6, wherein the request for data 
encryption includes a request' for at least one of RSA based encryption or elliptic curve based 
encryption. 

20. (previously presented) The method of claim 16, wherein the request for data 
decryption includes a request for at least one of R SA based decryption or elliptic curve based 
decryption. 

21. {original) The method of claim 14, wherein the performing includes: 

accessing a remote server via the network to retrieve cryptographic-related information. 

22 (currently amended) \ computer-readable medium that stores instructions in. user 
space executable by at least one processor H^"an"enviiK>nn^ent-^hii4vis-not M^.'iife in. .kernel 
space to perform a method for providing cryptographic-related functions, the method 

comprising: 

function call fiom a predefined list oi function oils the predefined hst of iuneuou calls 
representing available cixptogiaphK-s elated functions executable b\ the at least one process, 
generaung m the at least one processor m the- envn onmenf a request message based on 
the first funason v_all the request message representing a request for processing b\ a 
crvptogjaphic processing module executed b> the at least one processor 
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transmitting ?n the at least one piotes»or m th-e em iromfwnt the lequeot message to the 

ctsptogiaphtc processing module, and 

peiformum in the at least one pi octroi m th-eeintiumrietH the u> piogiaphic-ieiaied 

function; 

whetcin the seecismg, the, gcnciating the uansmittmu and the pctfoimmg ate 
implemented by: 

tisei space components mdudtng a luser application progiam, ft contiol ilicmon 
a certificate database, a operations daemon and a i emote sen ei daemon , and 

kernel . space . components. ..including. . a . socket handier, . a . cal 1 . handler and . a .request 

haodjec 

components and certain of the kernel space components communicate with other of the kernel 
space compontv.?ts i ..ajitj 

>y)iv^re„in.othv^r.cea 
the, keme I space compoiien ts , 

23. (canceled) 



10 



